Andy Crouch - Code, Technology & Obfuscation ...

Using SSH Config To Manage Connections

Photo: Unsplash - Tracy Adams

I have been working across many new projects recently. This meant working with a myriad of new services and servers. As the majority of these are AWS and Linux services I have found myself living in ssh.

ssh is a secure shell which provides a method of logging into another machine remotely. It supports many authentication mechanisms and encrypts traffic between machines. It is a much-preferred alternative to FTP or telnet.

You connect via ssh by passing arguments that specify the user, the machine's address and the port.

$ ssh auser@my.server.com -p 22000

Security can be handled by either public/private key authentication or by a password. If the latter then you will be asked for the password. Key-based authentication works by generating a private and a public key which authenticate a user. The public key is stored on the server and the private key is kept by the user and used when logging in. Authentication by key is an article by itself and there is a lot on the internet already. This is a good place to start.

AWS EC2 Linux instances use a key-based authentication approach. As part of the set up process you will be asked to create or select a key pair to access your instance. Once created (or selected) the public key is added to your EC2 instance. You need to download the private key to your local machine which you can do by navigating to the Key Pair menu in EC2.

Once you have your .pem file containing the key on your local machine you need to change its permissions. ssh refuses to use a private key file that other users can read, so the file needs to be read-only for you alone. You can set this by doing the following:

$ cd ~/path/to
$ chmod 400 private-key-file.pem

Now you can connect via ssh to your instance. Start ssh and pass the path to the .pem file, the user name to connect as and the public DNS address of the instance:

$ ssh -i "~/path/to/private-key-file.pem" <username>@public.dns.address.of.the.server

or

$ ssh -i "~/ssh-key-files/private-key-file.pem" auser@ec2-1-1-111.us.east-4.compute.amazon.com

(and yes that is a fictitious DNS address!)

Now you can connect to your instance but that is a lot to remember and a lot of typing. What would be great is if there was an easy way to prevent typing. “What about an alias” you say?

alias ssh-my-ec2-instance='ssh -i ~/path/to/private-key-file.pem <username>@public.dns.address.of.the.server'

You could do that but ssh offers its own easier way to do it, the ~/.ssh/config file.

The ~/.ssh/config file is not automatically created when you install ssh so you might need to execute the following:

$ touch ~/.ssh/config

Once done, open the file in Vim (or whatever you use) and create an entry in the following format:

Host <The Name You Will Connect With>
  HostName <The Public DNS Address For The EC2 Instance>
  IdentityFile <The Full Path To The Private Key File>
  User <The User Name To Connect With>

So to replicate our entry from earlier:

$ ssh -i "~/ssh-key-files/private-key-file.pem" auser@ec2-1-1-111.us.east-4.compute.amazon.com

You’d add:

Host my-ec2-instance
  HostName ec2-1-1-111.us.east-4.compute.amazon.com
  IdentityFile ~/ssh-key-files/private-key-file.pem
  User auser

Save the file and you will be able to connect with:

$ ssh my-ec2-instance

That’s a whole lot easier to manage and connect with. Don’t forget once you are connected that your terminal will almost certainly show a different prompt. You can exit your instance with

$ exit

This is only a very minimal example of what is available to configure via the ~/.ssh/config file and you can read about the other options here.
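As an added example (not part of the original post), this POSIX shell function reads an ssh config file like the one built in this post and reports every IdentityFile that is missing or still readable by group or others, which is what the chmod 400 step prevents. The function name audit_ssh_keys and the report format are assumptions, and it only handles whitespace-separated keywords with unquoted paths and takes the first pattern on a Host line.

```shell
#!/bin/sh
# Added example: audit the key files referenced by an ssh config file.
# audit_ssh_keys CONFIG prints "host<TAB>problem<TAB>path" for each finding
# and returns 1 if anything was found, 0 if every key file is private.
audit_ssh_keys() {
  config=$1
  findings=0
  host='(global)'   # IdentityFile lines before the first Host apply globally
  while read -r key value rest || [ -n "$key" ]; do
    # ssh config keywords are case-insensitive.
    case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
      host) host=$value ;;
      identityfile)
        # ssh expands a leading ~/ to the home directory; do the same here.
        case $value in
          "~/"*) path=$HOME/${value#"~/"} ;;
          *) path=$value ;;
        esac
        if [ ! -f "$path" ]; then
          printf '%s\tmissing\t%s\n' "$host" "$path"
          findings=$((findings + 1))
        else
          # Characters 5-10 of the ls mode string are the group and other
          # permission bits; a private key should show "------" there.
          mode=$(ls -ld -- "$path" | cut -c5-10)
          if [ "$mode" != "------" ]; then
            printf '%s\ttoo-open(%s)\t%s\n' "$host" "$mode" "$path"
            findings=$((findings + 1))
          fi
        fi ;;
    esac
  done < "$config"
  [ "$findings" -eq 0 ]
}
```

Source the file and run `audit_ssh_keys ~/.ssh/config`; any too-open finding is fixed with the chmod 400 command shown earlier.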

Do you have tips or useful snippets you store in the ssh config file? If so please contact me via twitter or email.